Is Proxy-Authorization only sent after 407, or can it also be sent after
401? Section 3.6 (entitled Proxy-Authentication and Proxy-Authorization)
says that:
Upon receiving a request which requires authentication, the proxy/server
must issue the "HTTP/1.1 401 Unauthorized " response with a
"Proxy-Authenticate" header.
Section 1.2 says:
The 401 (Unauthorized) response message is used by an origin server to
challenge the authorization of a user agent. This response MUST include a
WWW-Authenticate header field containing at least one challenge applicable
to the requested resource. The 407 (Proxy Authentication Required) response
message is used by a proxy to challenge the authorization of a client and
MUST include a Proxy-Authenticate header field containing a challenge
applicable to the proxy for the requested resource.